crawler
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes explicit commands to harvest authentication credentials from the browser, such as 'context.cookies()' and 'localStorage.getItem("token")'.
- [COMMAND_EXECUTION]: The workflow relies on the 'playwriter' tool to execute dynamic JavaScript code snippets for browser automation.
- [DATA_EXFILTRATION]: Extracted sensitive data, including auth tokens and headers, is saved to the local filesystem in the '.hypercore/crawler/' directory.
- [PROMPT_INJECTION]: The skill processes untrusted website content to determine selectors and crawling logic, creating a surface for indirect prompt injection.
  - Ingestion points: page content and accessibility snapshots.
  - Boundary markers: None.
  - Capability inventory: shell command execution and file writing.
  - Sanitization: None.